top of page

Behind Licentium

Our Edge

Licentium is a specialized platform that connects crypto-asset issuers and service providers with an international network of lawyers, regulatory consultants, and former supervisors. Projects can map applicable rules in key jurisdictions through a single interface, obtain jurisdiction-specific launch advice, arrange the drafting of white papers and licensing applications, and schedule ongoing compliance health-checks. The platform’s curated expert pool spans financial services, data protection, and corporate law, enabling founders to address cross-border requirements—from MiCA in the EU to securities, AML, and consumer-protection regimes elsewhere—within coherent project timelines and budgets.

  • When launching a token-based project, founders must decide on an appropriate legal entity and jurisdiction for the issuer. A fundamental requirement in many jurisdictions is that the token issuer be an incorporated legal person (or equivalent). For example, under the EU’s Markets in Crypto-Assets Regulation (MiCA), “a person shall not make an offer to the public of a crypto-asset…unless that person: (a) is a legal person…”. This means that in the EU context, an ICO (initial coin offering) cannot be done by an informal group or unincorporated team – a company or other legal entity must be set up to issue the tokens.

    Beyond the basic need for a legal entity, token ventures often consider non-traditional corporate forms. Many projects have used non-profit foundations or similar structures to issue tokens, especially when the goal is to emphasize the utility nature of a token and avoid it being deemed a share of profits. 

    For instance, some Swiss-based token projects established foundations (Stiftung) to hold the project’s assets and intellectual property, with a separate operating company for development work. The idea is to distance the token from equity-like features (no shareholders or dividends in a foundation) and thereby reduce the risk of the token being treated as a security. However, even a non-profit issuer must comply with applicable securities or token offering laws if the token conveys investment characteristics. 

    Another structuring option is to incorporate the issuer in a jurisdiction with crypto-friendly regulations or clear legal frameworks for tokens. Jurisdictions like Switzerland, Singapore, and certain zones in the UAE (e.g., Dubai, ADGM) have become popular for token startups because they offer regulatory clarity or sandboxes for crypto assets. Founders may also consider a dual-company structure (e.g., one entity issues the tokens and another conducts commercial operations) to compartmentalize risk and regulatory obligations. This can be useful if one entity needs to be regulated (for example, a licensed token issuer or exchange) while another handles unregulated tech development. 

    Regardless of structure, token characterization is key: if the token is effectively a share or investment, securities laws will apply; if it is a pure utility or payment token, different laws (or exemptions) may apply, as detailed below for each jurisdiction.

  • The European Union has recently enacted a unified framework for crypto-assets with the Markets in Crypto-Assets Regulation (MiCA) (Regulation (EU) 2023/1114). Prior to MiCA, EU member states had fragmented approaches, but MiCA now establishes comprehensive rules for token issuers (apart from those tokens already regulated as traditional financial instruments or e-money). Under MiCA, any public offering of crypto-assets in the EU (that are not already regulated as securities or e-money) requires the issuer to prepare and publish a crypto-asset white paper and to notify it to regulators. 

    Specifically, “A person shall not make an offer to the public of a crypto-asset in the Union unless that person: 
    (a) is a legal person;
    (b) has drawn up a crypto-asset white paper in respect of that crypto-asset in accordance with Article 6;
    (c) has notified the crypto-asset white paper in accordance with Article 8
    (d) has published the crypto-asset white paper in accordance with Article 9; 
    (e) has drafted the marketing communications, if any, in respect of that crypto-asset in accordance with Article 7;
    (f) has published the marketing communications, if any, in respect of that crypto-asset in accordance with Article 9;
    (g) complies with the requirements for offerors laid down in Article 14."
     

    This effectively functions like a prospectus-lite regime: the whitepaper must disclose information about the issuer, the project, risks, rights, and it must be filed with the competent authority at least 20 days before publication. MiCA does, however, provide exemptions for smaller or private offerings. The obligation to file a whitepaper does not apply to offers to fewer than 150 investors per Member State, offers under EUR 1 million in total consideration (over 12 months), or offers solely to qualified investors (with tokens only held by such investors). Certain utility token offerings are exempt if the token is for access to an existing product or service and is usable at issuance (not for investment purposes).
     

    Stablecoin issuers must obtain a license/authorization from the national regulator and get their coin’s whitepaper approved before issuance. For example, the European Banking Authority emphasizes that issuers of asset-referenced tokens (ARTs) and electronic money tokens (EMTs) are required to hold the relevant authorisation to carry out activities in the EU.
     

    This means a company issuing a stablecoin (pegged to assets or fiat) in the EU needs to meet prudential and governance requirements, and its whitepaper must be formally approved by regulators (unlike ordinary crypto-asset whitepapers, which are only filed, not approved). 

    In sum, the EU’s MiCA regime as of 2024 mandates that crypto token offerings to the public (outside of traditional securities law) be accompanied by a registered whitepaper with prescribed disclosures and imposes ongoing obligations (e.g., marketing in compliance with fair and clear standards). 

     

    If a token in Europe qualifies as a financial instrument (security) under existing law (e.g. tokenized stock or bond), MiCA does not apply – instead, the full EU Prospectus Regulation and MiFID II would apply.

    Thus, token issuers in the EU must first classify their token: financial instruments follow traditional securities laws, whereas other crypto-assets fall under MiCA’s bespoke disclosure regime.

    • UK – Regulatory Perimeter: Cryptoasset “tokens” may fall within the UK financial services regulatory perimeter if they have characteristics of regulated investments under the Financial Services and Markets Act 2000 (FSMA). In particular, tokens conferring rights akin to shares, debt instruments or other “specified investments” in the Regulated Activities Order 2001 are treated as securities and regulated accordingly. By contrast, utility tokens (providing access to a service or product) and decentralized exchange tokens (e.g. Bitcoin) typically do not constitute specified investments and lie outside FSMA’s scope – unless they meet the legal definition of electronic money (e.g. fiat-pegged tokens with a claim on an issuer).
       

    • UK – Authorisation of Issuers: Issuing one’s own crypto tokens is generally not a regulated activity per se, so the token issuer itself usually does not need to be an authorised person under FSMA purely to issue tokens. However, if the token or the issuance process involves regulated activities – for example, operating a collective investment, advising on investments, or issuing e-money – the issuer or its arrangers may require FCA authorisation to conduct those activities. Moreover, if the token is a transferable security, offering it to the public in the UK triggers prospectus requirements: it is unlawful to offer transferable securities to the public without an FCA-approved prospectus, absent an exemption. Issuers of security tokens must therefore comply with the Prospectus Regulation regime (as retained in UK law) and other applicable rules when making public offers or seeking trading admission.
       

    • UK – Financial Promotions: Marketing of cryptoassets in the UK is now tightly regulated. Since 8 October 2023, the financial promotion restriction in FSMA 2000 §21 has been extended to “qualifying cryptoassets”, capturing unregulated tokens. Under the Financial Promotion Order 2005 (as amended in 2023), any invitation or inducement to invest in “qualifying cryptoassets” (broadly, fungible transferable cryptoassets not already regulated as securities or e-money) is a controlled investment. As a result, cryptoasset promotions must be made or approved by an FCA-authorised person, or else fall within a narrow exemption. The FCA’s rules (effective Oct. 2023) treat crypto promotions as high-risk investment promotions, requiring prominent risk warnings, banning referral bonuses or other purchase incentives, and imposing “positive frictions” (such as a 24-hour cooling-off period and appropriateness tests for first-time investors). Breaching the crypto promotion rules is a criminal offense and the FCA has warned it will take enforcement action against unlawful or misleading crypto marketing.
       

    • UK – Stablecoins and Digital Settlement Assets: The Financial Services and Markets Act 2023 (FSMA 2023) brought certain stablecoins (termed “Digital Settlement Assets”) into the UK regulatory framework when used as a means of payment. FSMA 2023 defines a “digital settlement asset” broadly to mean “a digital representation of value or rights… that (a) can be used for the settlement of payment obligations, (b) is transferable, stored or traded electronically, and (c) uses technology for recording or storage of data (including DLT)”, including any right or interest in such an asset. Under FSMA 2023, HM Treasury can designate payment systems using stablecoins for regulation, and the Bank of England and Payment Systems Regulator are given oversight powers for systemically important stablecoin arrangements. However, as of August 2025, most fiat-referenced stablecoin issuers are not yet subject to full FSMA authorisation requirements for issuance; HM Treasury has opted not to integrate stablecoins into general payments regulation immediatelygov.uk. Instead, impending secondary legislation will create a new regulated activity for issuing fiat-backed stablecoins under FSMA’s regime, meaning issuers in or from the UK will need to be FCA-authorised once that regime is in force.
       

    • UK – Imminent Regulatory Regime for Cryptoassets: The UK is in the process of expanding its financial regulatory perimeter to cover a wider range of cryptoasset activities, pursuant to FSMA 2023. In April 2025, HM Treasury published draft legislation (the Financial Services and Markets Act 2000 (Cryptoassets) Order 2025) to establish a comprehensive crypto regulatory regime. This impending framework will classify “qualifying cryptoassets” as regulated investments and introduce new regulated activities, including operating a cryptoasset trading platform, dealing in cryptoassets, arranging or advising on cryptoasset transactions, custody of cryptoassets, and issuing stablecoins, among others. Firms carrying out these activities in the UK (even if based overseas) will be required to obtain FCA authorisation and comply with applicable rules, similar to firms in traditional financial markets. These changes – expected to be enacted by late 2025 – will effectively bring currently unregulated token issuance and related services into the FSMA licensing regime for the first time, significantly strengthening oversight of token issuers and cryptoasset service providers.
       

    • UK – Financial Promotions Gateway: In tandem with the above, FSMA 2023 introduced a “financial promotions gateway” to raise standards for all promotions, including crypto. From February 2024, any FCA-authorised firm wishing to approve financial promotions on behalf of an unauthorised person must first obtain a specific FCA permission (gateway approval). This measure prevents unqualified or rogue firms from approving cryptoasset advertisements and is designed to ensure tougher scrutiny and accountability for crypto promotions.
       

    • Binding vs. Persuasive Authority: In the UK, Acts of Parliament (such as FSMA 2000 and FSMA 2023) and Statutory Instruments (like the RAO 2001 and FPO amendments) are binding law. FCA rules and directions (contained in the FCA Handbook under FSMA authority) are binding on regulated firms, while FCA guidance and policy statements (e.g. 2019 Guidance on Cryptoassets, 2023 Guidance on crypto promotions) are non-binding but highly persuasive interpretations of the law’s application. There is, to date, no UK case law definitively ruling on crypto-token classification under FSMA, so the above framework relies on statute, delegated legislation, and official regulatory guidance. All cited authorities have been verified as current and in force (or, in the case of draft proposals, officially published and pending implementation) as of August 23, 2025.

    • Token Classification: The Swiss Financial Market Supervisory Authority (FINMA) classifies crypto tokens as payment tokens, utility tokens, or asset tokens, and applies existing financial laws based on each token’s economic function. Asset tokens (e.g. tokenized equities or debt) are deemed securities under Swiss law, triggering securities regulation (prospectus requirements, trading rules). Payment tokens (cryptocurrencies used as means of payment) are not treated as securities but must comply with Anti-Money Laundering (AML) laws. Utility tokens (providing digital access to an application) are generally not securities if they serve only a usage purpose at issuance; however, if a utility token functions economically as an investment, it is regulated as a security.
       

    • Licensing of Crypto Exchanges/Trading Platforms: Switzerland’s Financial Market Infrastructure Act (FMIA/FinMIA) was amended in 2021 (the “DLT Act”) to introduce the DLT trading facility as a new regulated financial market infrastructure (Art. 73a FinfraG). A DLT trading facility licence permits multilateral trading of blockchain-based securities (DLT securities) and may cover platforms admitting retail clients or providing custody/settlement of cryptoassets. FINMA granted the first such license in March 2025 to BX Digital AG, enabling a regulated blockchain-based exchange under the FMIA. Crypto trading venues that facilitate secondary trading of securities tokens or involve retail investors/custody must obtain authorization (DLT trading facility or securities exchange license); purely bilateral or institutional platforms trading non-securities may fall outside full FINMA licensing (though AML requirements still apply).
       

    • Financial Institutions and Custody: There is no bespoke “crypto license” for custodial or brokerage services; instead, providers must fit within existing categories of financial institutions. Crypto brokerage or dealing in tokens that are securities requires a securities firm license under the Financial Institutions Act (FINIA) (formerly securities dealer) if conducted on a commercial basis. Firms taking custody of cryptoassets for clients may require a banking license if they accept crypto or fiat deposits from the public or otherwise engage in bank-like activities. FINMA has licensed crypto-focused banks (e.g. Sygnum Bank AG and SEBA Bank AG in 2019) under the Banking Act, demonstrating that compliant crypto businesses can operate within the traditional licensing regime. Conversely, FINMA has taken enforcement action against unlicensed crypto ventures engaging in banking: in one case, an ICO issuer’s promise to repay contributions was deemed an unauthorized acceptance of public deposits, violating the Banking Act (a banking license was required to accept ~CHF 90 million from 37,000 investors).
       

    • Financial Market Supervision and Securities Laws: FINMA applies a “same risks, same rules” approach, regulating cryptoasset activities under existing law in a technology-neutral manner. Securities laws (including the Financial Services Act, FinSA) apply to cryptoassets classified as securities (e.g. asset tokens). Thus, public offerings of security tokens must generally publish a prospectus meeting FinSA’s requirements, and ongoing securities trading is subject to market conduct rules and potential licensing of trading venues. However, as of the as-of date, Switzerland has no separate prospectus regime specifically for tokens – they are treated like conventional securities if they embody shareholder, debt, or derivative rights. FINMA has noted that some crypto projects may also implicate the Collective Investment Schemes Act (fund regulation) or other financial laws in unusual cases, though these are not typical for most token sales.
       

    • Anti-Money Laundering (AML) Regulation: AML laws apply robustly to cryptoasset activities. Under the Anti-Money Laundering Act (AMLA), anyone professionally trading or transferring virtual assets qualifies as a financial intermediary and must comply with customer due diligence (KYC) and suspicious activity reporting obligations. Crypto exchanges and wallet providers in Switzerland must either be directly supervised by FINMA or belong to a FINMA-recognized self-regulatory organization (SRO) for AML oversight. In line with FATF standards, Switzerland has implemented stringent measures: FINMA requires identification of customers for cryptocurrency transactions over CHF 1,000, aggregating linked transfers within 30 days. FINMA-regulated entities can only send cryptoassets to or receive them from external wallets owned by identified clients – transfers to unknown third-party wallets are prohibited absent an information-sharing protocol. This “travel rule” practice in Switzerland, which has no exception for small unhosted wallets, is stricter than the FATF baseline and is intended to prevent use of anonymous crypto channels. Violations of AML duties can lead to enforcement actions and criminal penalties.
       

    • Notable Regulatory Actions: Swiss authorities have actively clarified crypto regulation through published guidance and precedent-setting decisions. In 2018–2019, FINMA issued detailed ICO Guidelines and a Stablecoin Guidance (2019) to outline how token offerings map to regulatory requirements. In the landmark “Envion” case, FINMA declared an ICO unlawful for flouting banking law (accepting deposits without a license) and ensured the entity’s liquidation. In 2019, FINMA announced that the proposed Libra (Diem) stablecoin project would be treated as a payment system requiring FINMA licensure under the Financial Market Infrastructure Act. FINMA made clear that such a global stablecoin arrangement would face additional “bank-like” prudential requirements (for capital, risk concentration, governance of the reserve, etc.) to address its risks. These actions underscore FINMA’s commitment to integrating crypto into the regulated financial system: innovative crypto ventures are welcomed but must operate “inside the law”, subject to investor protection and financial integrity rules.

    • Licensing Requirement (Domestic): Singapore – Any person carrying on a business of providing cryptocurrency token services (classified as “digital payment token” services) in Singapore must hold a licence under the Payment Services Act 2019 (PSA), unless exempt. Operating without a licence is a criminal offence punishable upon conviction by up to S$125,000 fine or 3 years’ imprisonment (individuals) (or double the fine for corporations). MAS (Monetary Authority of Singapore) may also revoke or suspend licences if a licensee fails to meet fit and proper criteria or breaches regulatory conditions.
       

    • Licensing Requirement (Overseas Services): Singapore – The Financial Services and Markets Act 2022 (FSMA) extends MAS licensing to digital token service providers operating from Singapore but serving overseas customers. Effective 30 June 2025, any Singapore individual, partnership or corporation providing digital token services “outside Singapore” must be licensed (unless exempt). This FSMA Part 9 regime closes regulatory gaps by preventing unlicensed offshore token issuance activities; unlicensed conduct is an offence subject to similar penalties as under the PSA. Token issuers established in Singapore cannot hold themselves out as providing token services abroad without an FSMA license.
       

    • Securities Offering Rules: Singapore – Token issuers offering tokens to the public in Singapore that constitute “capital markets products” (e.g. securities, derivatives or units in a collective investment scheme) are subject to the Securities and Futures Act 2001 (SFA) prospectus registration requirements. Any offer of digital tokens that are securities, securities-based derivatives or CIS units must be made in or accompanied by a MAS-registered prospectus, unless an exemption applies. In effect, an issuer of security tokens must either register a prospectus with MAS or fit within a statutory exemption (e.g. private placement or small offers), in line with Part XIII of the SFA. Failure to comply can attract SFA enforcement (including voiding of contracts and statutory civil liability).
       

    • AML/CFT Compliance: Singapore – Licensed cryptocurrency token issuers are subject to Anti-Money Laundering/Countering Financing of Terrorism (AML/CFT) obligations under MAS rules. In particular, MAS Notice PSN02 (effective 4 April 2024) mandates that digital payment token service providers implement robust AML/CFT controls. These include conducting institutional risk assessments and risk mitigation, ongoing customer due diligence (CDD) and identity verification, transaction monitoring, record-keeping, screening for illicit persons, and prompt suspicious transaction reporting. Compliance with the Financial Action Task Force “Travel Rule” for crypto value transfers is also required by MAS. Breaches of AML/CFT requirements can result in regulatory action, financial penalties, and potential criminal liability under Singapore’s AML laws (e.g. Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act).

    • Stablecoin Issuance Framework: Singapore – Issuers of single-currency pegged stablecoins (SCS) in Singapore face additional regulatory obligations under MAS’s new stablecoin framework (2023). In August 2023, MAS finalized a regime for “MAS‑regulated stablecoins” to ensure a high degree of value stability. This framework applies to SCS pegged to the Singapore Dollar or any G10 currency and issued in Singapore. Stablecoin issuers who seek MAS-regulated status must fulfill prudential requirements, including maintaining reserve assets equivalent to at least 100% of the outstanding stablecoins’ par value, redeemability at par value (within ≤5 days) for holders, timely audits of reserve holdings, and clear disclosure via a white paper of the coin’s mechanics, rights, and risks. They must also meet base capital and liquidity requirements and ensure proper AML/CFT controls. Only SCS that meet these standards can be marketed as “MAS-regulated stablecoins,” distinguishing them from unregulated tokens. Enforcement of this framework will be via the PSA – MAS encourages SCS issuers to prepare early for compliance with these rules.
       

    • Enforcement and Penalties: Singapore – Regulatory breaches by token issuers invite strict enforcement by MAS and statutory penalties. MAS has authority to investigate and sanction non-compliance, including issuing directions, imposing financial penalties, and issuing prohibition orders against individuals for misconduct. Under the PSA and FSMA, operating a token business without the required licence is a criminal offence (as noted above). Likewise, holding out to the public as a licensed token issuer when not licensed is prohibited. Each contravention of the Acts or MAS notices can result in prosecutions or MAS enforcement actions. Upon conviction, offenders face fines and/or imprisonment as specified in the statutes (e.g. up to S$125k/3 years for individuals, higher fines for companies). MAS may also revoke or suspend licences for serious violations or if a licensee is no longer fit and proper.

    • Utility Tokens: Digital tokens lacking investment or pegged-value features (mere “virtual commodities”) fall outside Hong Kong’s securities and payment regulations. Issuers of pure utility tokens are not subject to licensing or prospectus requirements, absent features that would classify the token as a security or other regulated instrument.
       

    • Security Tokens: Tokens with characteristics of shares, debt, or investment schemes are deemed “securities” under the Securities and Futures Ordinance (Cap. 571). Their issuance is regulated like any traditional security: offering security tokens to the public requires compliance with prospectus registration or SFC authorization unless an exemption applies. Dealing in or advising on such tokens is a Type 1 regulated activity requiring an SFC license. Unauthorized public offerings of security tokens contravene Hong Kong law.
       

    • Stablecoins: Fiat-referenced stablecoins are now governed by the Stablecoins Ordinance (Ord. 17 of 2025). Issuing or managing a stablecoin that purports to maintain stable value (e.g. pegged to fiat) is a regulated activity overseen by the Hong Kong Monetary Authority. Only permitted offerors – licensed stablecoin issuers, SFC-licensed virtual asset platforms, SFC-licensed securities dealers, stored value facility licensees, or authorized banks – may offer stablecoins to the public. Unlicensed stablecoin issuance or offering is prohibited by law, with heavy criminal penalties (up to HK$5 million fine and 7 years’ imprisonment on indictment).
       

    • Licensed vs Unlicensed Issuance: Hong Kong distinguishes regulated token issuance (which must be conducted by licensed or authorized entities) from unlawful, unlicensed offerings. Licensed issuers of security tokens must ensure full compliance with disclosure obligations – e.g. an SFC-vetted prospectus for public offers – and adhere to conduct standards under securities laws. Licensed stablecoin issuers are subject to prudential and conduct requirements under the HKMA’s regime, including maintaining 1:1 high-quality reserves backing outstanding stablecoins and publishing a detailed white paper with transparent information for users. In contrast, unlicensed issuers have virtually no lawful avenue to market security tokens or stablecoins to the Hong Kong public; doing so triggers statutory prohibitions (e.g. SFO advertisement offences and stablecoin Ordinance offences).
       

    • Disclosure and Conduct Duties: Regulatory frameworks impose ongoing duties on licensed token issuers. A stablecoin licensee must publish and maintain a current white paper for each stablecoin, disclosing its issuance/redemption mechanics, holder rights, and technological underpinnings as guided by HKMA. Stablecoin issuers must also ensure the market value of reserve assets always meets or exceeds the par value of tokens in circulation, with reserves held in the same reference asset and subject to regular independent audit. Moreover, paying interest on stablecoins is forbidden to licensed issuers, preventing stablecoins from functioning as interest-bearing deposits. Similar principles of truthful disclosure and investor protection apply to security token offerings under existing securities law (e.g. no misleading statements in offering documents, compliance with SFC’s Code of Conduct by intermediaries).

    • Dubai’s Virtual Assets Regulatory Authority (VARA) requires token issuers to obtain a VARA permit for regulated virtual asset activities (e.g. offering or selling “Virtual Tokens”) within Dubai (excluding the DIFC free zone). Under Dubai Law No. 4 of 2022, any person issuing virtual assets in Dubai must establish a local entity and be licensed by VARA (especially for Category 1 issuances such as stablecoins). VARA’s framework mandates comprehensive disclosure (Whitepapers) and ongoing compliance for token offerings, and strictly controls marketing of virtual assets, including by foreign issuers targeting Dubai.
       

    • At the UAE federal level, the Securities and Commodities Authority (SCA) is the primary regulator of virtual assets outside the financial free zones. Cabinet Decision 111/2022 (in force 14 Jan 2023) requires SCA licensing and oversight for key virtual asset activities (exchange, transfer, custody, brokerage, etc.), while carving out payment tokens under Central Bank jurisdiction. Pursuant to Cabinet Decision 112/2022, Dubai’s VARA is formally delegated to license and supervise virtual asset activities within Dubai in coordination with SCA.
       

    • Security tokens (digital tokens conferring rights similar to stocks, bonds, or other securities) are excluded from the “virtual asset” regime and instead treated as securities under UAE law. Issuers of security tokens must comply with SCA’s securities offering regulations (e.g. public offer prospectus requirements or private placement limits) and cannot rely on VARA’s virtual asset license; any public token offering that constitutes a security requires prior SCA approval and registration in accordance with federal securities laws.

    • Utility tokens and other non-security virtual assets are regulated as “Virtual Assets.” In onshore UAE, SCA rules (as updated in 2023) generally permit offerings only to qualified investors or through regulated platforms, with SCA approval required for public (retail) sales. In Dubai, VARA’s 2023 Issuance Rulebook similarly distinguishes permitted offerings: Category 1 issuances (e.g. fiat-referenced stablecoins or high-risk tokens) require a full VARA license and prior approval, whereas other Category 2 utility token issuances (non-stablecoin, non-security tokens) do not require a VARA license but must still meet VARA’s disclosure and conduct standards (including publishing an approved Whitepaper and risk warnings). Certain limited-scope tokens (e.g. truly non-transferable or closed-loop tokens) are exempt from VARA’s licensing and disclosure rules.
       

    • Payment tokens (stablecoins) are tightly controlled. Central Bank of the UAE regulations (Circular No. 2/2024) establish a licensing regime for “Payment Token” services, effective 2024–2025, which restricts crypto payment use to licensed AED-pegged stablecoins. Unlicensed acceptance of volatile cryptocurrencies (e.g. Bitcoin, Ether) for payments is prohibited onshore. A token issuer intending to issue a stablecoin for UAE users must obtain a CBUAE license and comply with prudential rules (e.g. maintaining 100% reserve assets in segregated custody with qualified custodians), in addition to any VARA licensing if operating in Dubai. This ensures consumer protection and financial stability in the use of crypto for payments.
       

    • All token issuers in Dubai and UAE must adhere to strict disclosure obligations. VARA requires publication of a detailed Whitepaper and standalone Risk Disclosure Statement before any token sale or promotion, with ongoing updates to keep information accurate. The Whitepaper must include prescribed content (issuer’s identity, project description, rights and risks, use of proceeds, etc.) and cannot disclaim liability for false or misleading statements. Federal rules likewise mandate filing of offering documents with SCA for token sales and an SCA-approved prospectus for public offerings. Custodial safeguards are also imposed: token issuers raising funds from the public must typically use licensed UAE custodians or escrow arrangements to hold investor assets. For example, stablecoin issuers under VARA’s rules must hold fiat reserves with authorized custodians and segregate them from the issuer’s own funds, ensuring redemption rights are protected.
       

    • Crypto asset marketing and promotions in the UAE are subject to strict regulation. VARA’s Marketing Regulation (Administrative Order 1 of 2022, as updated 2024) applies extra-territorially to “any” person (domestic or foreign) who markets virtual assets “in or targeting” Dubai/UAE consumers, regardless of licensing status. All crypto advertisements must be fair, clear and not misleading, clearly identified as marketing, and include prominent consumer warnings (e.g. that crypto assets are volatile and can lose value in full). Misleading or unwarranted statements (e.g. claims that crypto investing is “safe” or guaranteed) are expressly prohibited. Entities that facilitate marketing (publishers, social media platforms, influencers) are obliged to ensure compliance with these rules. Violations can trigger VARA enforcement actions, including substantial fines and suspension of activities under Administrative Order 2 of 2022 (Penalties).
       

    • Cross-border token issuance into the UAE is tightly controlled. A foreign token issuer may not offer or advertise tokens to UAE/Dubai investors without local regulatory compliance. Dubai law requires any person conducting virtual asset business in the Emirate to incorporate locally and obtain VARA approval before launch. Similarly, SCA regulations deem overseas token offerings as regulated activities “within the UAE” if UAE investors are targeted. In practice, a foreign issuer must either partner with a locally licensed firm or obtain its own UAE license (through VARA or SCA as applicable) before marketing or selling tokens to the public. UAE authorities coordinate to enforce these requirements: VARA and SCA have a unified mechanism to supervise VASPs and share fees/fines for cross-border activities. In sum, no regulatory arbitrage is allowed – token sales cannot legally be “passported” into Dubai/UAE from abroad without compliance.
       

    • All token issuers (whether UAE-based or foreign) must comply with UAE anti-money-laundering (AML/CFT) laws and any sectoral rules. Licensees are subject to ongoing supervision by VARA/SCA, including audits and reporting. Non-compliance can lead to license revocation, fines, or criminal referrals under UAE law. The regulatory framework as of August 23 2025 is comprehensive and still evolving, but its core principle is clear: investor protection and market integrity are paramount in Dubai and the UAE’s approach to crypto token issuance.

    • [Panama] Crypto Law Void, No Specific Crypto Statute: Panama currently lacks any dedicated crypto-asset legislation. A 2022 bill to regulate cryptoassets and Virtual Asset Service Providers (VASPs) was vetoed and struck down as unconstitutional in 2023. Thus, no special licensing regime exists for cryptocurrency businesses; oversight defaults to general securities and AML laws.
       

    • [Panama] Utility Tokens Unregulated by Securities Regime: The Panamanian Superintendencia del Mercado de Valores (SMV) has officially opined that cryptocurrencies and other virtual assets are not “valores” (securities) or financial instruments under Panama’s Securities Market Law, and their offer or trading are not activities subject to [SMV] regulation or supervision. Utility token ICOs to the public fall outside securities law, meaning no prospectus or registration is required when the token carries no debt/equity characteristics. (The SMV has warned investors that such offerings are high-risk and unregulated)
       

    • [Panama] Security Tokens Under Existing Securities Law: Crypto tokens may be deemed securities if they confer rights akin to stocks, bonds, fund units, or other “valores.” In substance, a token representing equity in a company or shares in an investment fund would be treated as a security, requiring compliance with Panama’s securities framework. Any public offering of such security tokens to retail investors must be registered with the SMV and accompanied by a prospectus, as mandated by the securities law. However, private or limited offerings to accredited investors are exempt – e.g. Panama allows unregistered private offerings if to ≤50 investors or only to “inversionistas calificados” (qualified investors) with a minimum subscription of US$100,000supervalores.gob.pasupervalores.gob.pa. In practice, many tokenized funds or DAO investment tokens are structured to fall under these private placement exemptions in Panama.
       

    • [Panama] No Crypto-Specific License, But AML Applies via Other Laws: There is presently no requirement to obtain a financial license solely to issue tokens or operate a crypto exchange in Panama, so long as the activity does not involve regulated securities or brokerage services. The SMV explicitly confirmed that a Panama company dealing exclusively in cryptoassets (with no fiat or securities) “is not obligated to obtain an investment advisor or broker-dealer license” under current law. Nevertheless, general Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) laws still apply. Crypto businesses in Panama may voluntarily implement Know-Your-Customer (KYC) controls, and they often interact with regulated banks (which impose KYC/AML checks on crypto-related accounts). Panama’s AML Law 23/2015 and related regulations list obligated entities (banks, money transmitters, securities firms, etc.), but VASPs are not yet explicitly included. Bringing Panama’s regime into line with FATF standards remains a work in progress (Panama was only removed from FATF’s “grey list” in Oct 2023 after strengthening its AML framework). Pending legislation is expected to formalize VASP obligations (including mandatory KYC and reporting), but as of August 2025 no such law is in force.
       

    • [BVI] Comprehensive VASP Legal Framework Implemented: The British Virgin Islands has enacted the Virtual Assets Service Providers Act, 2022 (the “VASP Act”), in force since February 1, 2023. Any entity incorporated or operating in or from the BVI that provides “virtual asset services” must be registered with the BVI Financial Services Commission (FSC) as a VASP. Covered “virtual asset services” are defined broadly to include: exchanging virtual assets for fiat or other virtual assets, transferring virtual assets for others, safekeeping/custody of virtual assets, and “participation in financial services related to an issuer’s offer or sale of a virtual asset” (which captures activities around ICOs). The law deems a BVI business providing services outside the territory as doing so “from within” the BVI, so purely offshore token sales by a BVI company are not exempt. Operating a VASP without registration is a criminal offense punishable by fines up to US$100,000 and/or 5 years’ imprisonment. This regime makes the BVI one of the jurisdictions with a clear licensing pathway for crypto exchanges, custodians, and token issuers.
       

    • [BVI] Utility Tokens vs. Securities – Dual Regulation: The BVI distinguishes utility tokens from security tokens under its laws. Pure virtual assets (e.g. cryptocurrencies or utility tokens) are generally not classified as “investments” under BVI’s Securities and Investment Business Act, 2010 (SIBA). Instead, they are treated as a new asset class regulated mainly through the VASP Act. However, if a token has the features of a traditional security, it will fall under SIBA’s scope. For example, tokens representing equity ownership, debt (bonds/notes), profit-sharing rights, or interests in a fund are treated as securities (“investments”) under Schedule 1 of SIBA, regardless of their digital form. In such cases, both regimes apply: the issuer may need to register as a VASP and comply with SIBA’s requirements. The law mandates a case-by-case analysis of a token’s characteristics – a token conferring rights “beyond a medium of exchange” (e.g. governance or revenue rights) may trigger SIBA. Notably, tokenized fund units are explicitly within SIBA’s ambit (they constitute interests in a collective investment scheme) and must adhere to BVI fund. In sum, utility tokens (for consumptive use or payment) are regulated solely under the VASP Act, whereas security tokens face the additional layer of securities regulation.
       

    • [BVI] Offering Tokens: Retail Offerings vs. Accredited/Exempt Offers: The VASP Act and SIBA collectively ensure investor protection in public token offerings. Any public offering of virtual assets in the BVI requires regulatory authorization. In particular, offering a token to the general public in or from the BVI necessitates the issuer’s registration as a VASP with the FSC (to supervise the offering for AML/CFT and consumer risks). Furthermore, if the token is a security, a full prospectus compliant with SIBA’s Public Issuers Code must be filed and approved by the FSC before any public sale. Exemptions: Offers that are limited to sophisticated investors are carved out from some requirements. For example, under SIBA, an offering made only to “qualified investors” (professional investors), or to a restricted circle (e.g. existing shareholders or the government), is exempt from the public issuance rules. Qualified investor is defined in SIBA (mirroring “professional investor”) to include regulated institutions, listed companies, or high-net-worth individuals meeting financial thresholds. Similarly, the BVI’s fund regimes allow “private” or “professional” tokenized funds (limited to ≤50 investors or investors with ≥$100k subscriptions) to operate with lighter regulation, whereas retail collective investment offerings would require full FSC mutual fund registration. In practice, most BVI token offerings are structured as private sales to accredited investors or conducted outside the BVI to avoid triggering public issuance rules.
       

    • [BVI] AML/KYC and Compliance Obligations: BVI imposes AML/CFT compliance on all virtual asset businesses. The VASP Act mandates VASPs to implement customer due diligence, record-keeping, and reporting measures in line with the territory’s AML laws. Failure to maintain required KYC records or to institute adequate AML systems is an offense carrying up to US$100,000 fines and 5-year imprisonment. BVI-registered VASPs are supervised by the FSC’s Enforcement and AML units and must adhere to the Anti-Money Laundering Regulations and Terrorist Financing Code of Practice (which were updated to cover VASPs). In short, BVI VASPs must know their token purchasers and source of funds, monitor for suspicious activity, and comply with international sanctions, similar to requirements on traditional financial institutions. Panama, by contrast, has no specific VASP AML regulation yet – but its existing laws still apply indirectly (e.g. any token fund raising fiat from the public would likely trigger due diligence by banks or licensed trustees handling the funds).
       

    • [Panama & BVI] Treatment of DAOs and Emerging Structures: Both jurisdictions are adapting gradually to decentralized models like DAOs (Decentralized Autonomous Organizations). Panama does not currently recognize DAOs as legal persons, so typically a Panamanian corporation or foundation is used to “wrap” a DAO for legal activities. (Panama’s legislature has signaled interest in recognizing smart contracts and DAOs in future legislation, but none is enacted yet.) The BVI similarly has no bespoke DAO law – a DAO seeking legal capacity would form a BVI Business Company or Limited Partnership to contract and hold assets. In either jurisdiction, the legal entity behind a DAO must comply with the relevant laws: e.g. if a BVI company operates a DAO-controlled protocol that offers tokens or financial services, that company must obtain any necessary VASP registration or securities licenses. Neither Panama nor BVI provides limited liability to an unincorporated “pure code” DAO, so organizers typically incorporate to limit liability and fulfill compliance obligations. DAO token offerings are thus treated under the principles above (utility vs security token, public vs private offering) depending on the token’s features.
       

    • [Looking Ahead]: Panama’s framework remains in flux, with no binding crypto-specific regulations yet – token issuers rely on interpreting general laws and SMV guidance. In the BVI, a regime is in place and actively enforced for all crypto token activities, though evolution continues (e.g. new FSC rules or sandbox programs for DeFi are in effect). Both jurisdictions require careful structuring (often utilizing Panama for more flexibility vs. BVI for more regulatory certainty), and token issuers commonly use a Panama+BVI dual structure (e.g. a Panamanian operating entity with a BVI token-issuing vehicle) to balance business needs with compliance. The following sections provide the detailed legal analysis, with citations to the primary sources governing crypto tokens in Panama and the BVI.

ChatGPT Image May 18, 2025, 12_04_15 PM.png

Legal Structuring for Token Issuers

The legal classification of a token (e.g., security, utility, payment token) and the chosen jurisdiction for incorporation directly influence what regulations are triggered. Below, we outline common corporate structuring solutions for token issuers and analyze the regulatory implications in key jurisdictions, including the EU (MiCA regime), Singapore, Switzerland, and the UAE.


Ready to Launch Legally Worldwide?

Book a free 30-minute consult and walk away with a personalised roadmap.

client logo
bottom of page